International Business Machines Corporation
BLOCK-BASED ANOMALY DETECTION

Abstract:

A plurality of blocks of a first storage device are monitored. The first storage device is related to a computer system. A subset of blocks of the plurality a compared to a first storage signature of the first storage device. Based on the comparing of the subset of blocks to the first storage signature, a security anomaly is determined on the computer system. In response to the security anomaly, a security action is performed. The security action is related to the computer system.